Re: Editing in a text area field

ceo@xxxxxxxxx wrote:
> Rule #1.
> Never, ever, ever, alter the user's input, EXCEPT for sanitizing/filtering.
> Specifically, do NOT add <br /> tags in place of newlines.
> Store the newlines.
> 
> Upon OUTPUT, you can use nl2br() to get <br /> tags.
> Or str_replace if you want </p> instead.

I would agree with this, but to eliminate the overhead of processing the data and generating your output on each page load, I would store the data twice: once in the original format the user submitted, and a second time as the post-processed version of what the output would be.  This way you only have to process the data once.  On updates, refresh the processed copy and store it.  Upon page load, just dump the data from the DB to the screen and call it done.

> 
> This is crucial as a habit, down the road, when you later want to put their stuff out as non-HTML such as RSS or PDF or other output mechanisms.
> 
> Consider their input as sacrosanct (except for dangerous/evil input).
> 
> 


-- 
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
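
The approach discussed in this thread (the user's text stored untouched, a processed HTML copy cached beside it and refreshed on every update), as an added example that is not code from either poster. The `comments` table, its columns and the function names are hypothetical, and an in-memory SQLite database through PDO is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: body_raw is exactly what the user submitted (newlines
// intact); body_html is the cached rendering derived from body_raw.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (
    id INTEGER PRIMARY KEY,
    body_raw TEXT NOT NULL,
    body_html TEXT NOT NULL
)');

// HTML rendering: escape first, then turn newlines into <br /> tags.
function render_html(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Insert or update: the raw text is stored as submitted and the cached copy
// is regenerated from it in the same statement.
function save_comment(PDO $db, ?int $id, string $raw): int
{
    if ($id === null) {
        $stmt = $db->prepare('INSERT INTO comments (body_raw, body_html) VALUES (?, ?)');
        $stmt->execute([$raw, render_html($raw)]);
        return (int) $db->lastInsertId();
    }
    $stmt = $db->prepare('UPDATE comments SET body_raw = ?, body_html = ? WHERE id = ?');
    $stmt->execute([$raw, render_html($raw), $id]);
    return $id;
}

// Constructed sample input: two lines, with markup that must be shown as text.
$id = save_comment($db, null, "First line\nSecond <b>line</b> & more");
$id = save_comment($db, $id, "First line, edited\nSecond <b>line</b> & more");

$stmt = $db->prepare('SELECT body_raw, body_html FROM comments WHERE id = ?');
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Page load: the cached copy is echoed as stored, with no per-request work.
echo $row['body_html'], "\n";

// Non-HTML output (an RSS <description>, for instance) starts from the raw
// copy and applies the escaping that format needs.
echo htmlspecialchars($row['body_raw'], ENT_XML1 | ENT_QUOTES, 'UTF-8'), "\n";
```

Because `body_html` is printed without further escaping, nothing other than `render_html()` should ever write to that column, and the cached copies have to be regenerated from `body_raw` whenever the rendering function changes.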

